package com.nudt.examboot.portal.config;

import com.nudt.examboot.portal.security.UserDetailsServiceImpl;
import com.nudt.examboot.portal.security.filter.AuthenticationFilter;
import com.nudt.examboot.portal.security.handler.ExtrAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

/**
 * com.nudt.examboot.management.config
 *
 * @author spoomlan
 * @date 2021/12/6
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsServiceImpl userDetailsServiceImpl;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .exceptionHandling()
                .and().authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/teacher/**").hasAnyRole("TEACHER", "ADMIN")
                .antMatchers("/student/**").hasRole("STUDENT")
                .antMatchers("/secure/**").hasAnyRole("ADMIN", "TEACHER")
                .antMatchers("/api2/**").hasAnyRole("ADMIN", "TEACHER", "STUDENT")
                .and().logout()
                .logoutUrl("/j_spring_security_logout").logoutSuccessUrl("/home")
                .and().sessionManagement()
                .invalidSessionUrl("/user-login-page").sessionAuthenticationErrorUrl("/user-login-page")
                .maximumSessions(1).expiredUrl("/home");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsServiceImpl)
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public AuthenticationFilter authenticationFilter() throws Exception {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        authenticationFilter.setFilterProcessesUrl("/j_spring_security_check");
        SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
        failureHandler.setDefaultFailureUrl("/user-login-page?result=failed");
        authenticationFilter.setAuthenticationFailureHandler(failureHandler);
        ExtrAuthenticationSuccessHandler successHandler = new ExtrAuthenticationSuccessHandler();
        successHandler.setDefaultTargetUrl("/home");
        authenticationFilter.setAuthenticationSuccessHandler(successHandler);
        authenticationFilter.setAuthenticationManager(authenticationManagerBean());
        return authenticationFilter;
    }
}
